Official Laboratory Discussion

You can send me a pm @dutchinho

@Jk3r said:
Anyone have a good article on how to exploit G**** with docker? I have the secret but I’m stuck! Thx

did you find a way where to use those keys???

did you find a way where to use those keys???

Nope, still searching !

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

@andrenl said:

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

How did you use the keys? If you can help, please

Rooted!
Definitely not an easy box. As usual foothold is harder than user and root. 502 error is for sure annoying and distracting.

Set up your own environment and it doesn’t have to be via docker. Just a simple standalone VM.
Big thanks to @PrivacyMonk3y

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

@alphaomega said:

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

Think about what’s going on when you’re doing the other files.
Break that process down. Can you use the same method it’s using?

The poc is using pipes… that’s interesting isn’t it?

@PrivacyMonk3y said:

@alphaomega said:

Having trouble creating the payload… I can create files and modify them just fine but can’t reverse

Think about what’s going on when you’re doing the other files.
Break that process down. Can you use the same method it’s using?

The poc is using pipes… that’s interesting isn’t it?

I managed to finally get the g*t user. Not sure what poc is!

Felt like I was on the verge of getting RCE but got so stuck I tried resetting the machine as a last resort, and now only 502 errors like others have mentioned. Is there a trick to getting around those?

Switched VPNs and I’m back in business. Although it doesn’t fix it for anyone on that original VPN.

I can get some file exfiltration, but not much more. Do I need to set up a local G***** instance and poke around it to see what files to take or is that a time waste? Cheers.

EDIT: afaik I can only grab files that the g*****-w** user has perms to view (or one of the g*****-xxxxx users)

@andrenl said:

Got a foothold and landed on a limited Dr C*****.
Any nudges on how to get user?

Hint:
Google basic commands research on G****-r**** C******.
You should think what to do with D *****
if you need something PM

Spoiler Removed

Hi Guys, There must be another trick than using R**** C******.

@mohsinhakak said:

Whoops, GitLab is taking too much time to respond. Been like this for days. Any information on how to get rid of this, please PM. Thanks

Same here, it worked great for me before

Hmm, I leaked the secret, but I can’t get r*** to run my payload. I tried adding spaces to remove ='s as 0xc45 suggested but still no luck. Any tips?

Stuck on the foothold. I’ve found the g** URL and made an account. Can create a project and get it to call a r****r on my local g***** instance, but haven’t found a way to turn this into anything yet. Searched for CVEs but haven’t found any that are useful. As usual I may have missed something obvious?

Rooted :wink:

That was an easy box?
I don’t think so…
Thanks, @n3ph0s for the nudge on foothold.

Feel free to PM if any help is needed.

Guys, I’m stuck in the beginning. Can someone DM me a hint to start with? I did a service scan and I can’t get anywhere around the website.